Many applications require the use of secrets and cryptographic techniques to establish secure pathways between system elements and to allow one system element to trust information as being verified by a trusted party. Cryptography is employed to an increasing extent in applications on mobile devices (such as mobile telephone handsets, tablets and laptop computers). In conventional arrangements, cryptographic functions and secrets are maintained in a physically and logically separated area to protect them against attack. In other arrangements, the cryptographic functionality is not provided in separate hardware, but is provided in a separate operating environment logically separated from a main operating environment with some assurances of protection against subversion—this may be termed a trusted execution environment (TEE).
A cryptographic system implemented in a TEE provides reasonable security against subversion, but will typically be considered more at risk than a discrete hardware module. It may therefore desirable to refresh key material in a TEE rather than to rely on a single master key to remain effective over the operating lifetime of the TEE (as will typically be the case for a hardware module). This may in practice prove challenging, as any change of key material in the TEE may affect applications in the mobile device relying on cryptographic operations performed in the TEE and will affect interactions between the mobile device and other parties that relate to cryptographic operations performed in the TEE.
It would be desirable to refresh key material in a TEE in such a way that applications in the mobile device and interactions between the mobile device and other parties can be transitioned effectively from the old key material to the new key material.